<?php

/************************************

EasyCB, Community Forum Software
Copyright (C) 2007, 2008  Jonathon D. Keogh <jonathon.keogh@gmail.com>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

$Id: page.new.php 190 2008-05-12 15:33:37Z jonathon.keogh $

************************************/

require "inc.func.php";

if(!user_loggedin())
{
	page_redirect("page.login.php");
}

// Get the variables out of the query string (this will determine what type of thing we're deleting)
$response = isset($_GET['response']) ? $_GET['response'] : 0;
$topic = isset($_GET['topic']) ? $_GET['topic'] : 0;

// If none or both are set, then we must ignore this and redirect
if(($response == 0 && $topic == 0) || ($response != 0 && $topic != 0))
{
	page_redirect("page.boards.php");
}

// Get details of the thing we're deleting
if($response != 0)
{
	$r = db_query("SELECT * FROM `" . config_get("db_prefix") . "posts` WHERE `ID`='" . db_escape($response) . "';");
	$r = db_fetch_assoc($r);
	
	// Check that this isn't the first response - you can't delete the first response
	$x = db_query("SELECT * FROM `" . config_get("db_prefix") . "posts` WHERE `TopicID`='" . db_escape($r['TopicID']) . "' ORDER BY `Time` ASC LIMIT 0, 1;");
	$x = db_fetch_assoc($x);
	if($x['ID'] == $response)
	{
		// Because there isn't an option to delete the first response, this means they've somehow hacked the query string up to force a deletion - so we don't need to explain ourselves, and just force them elsewhere
		page_redirect("page.boards.php");
	}
} elseif($topic != 0) {
	$r = db_query("SELECT * FROM `" . config_get("db_prefix") . "topics` WHERE `ID`='" . db_escape($topic) . "';");
	$r = db_fetch_assoc($r);
}

// Determine whether the user is actually permitted to delete the thing
if($response != 0 && ($r['UserID'] == sess_get("UserID") || user_level(user_name(sess_get("UserID"))) > 0))
{
	// We're good, so do the delete (set a deletion date)
	db_query("UPDATE `" . config_get("db_prefix") . "posts` SET `Deleted`='" . db_escape(time()) . "' WHERE `ID`='" . db_escape($response) . "';");
	
	// If this is the LAST post then we should remove the unread marker - if one exists
	$x = db_query("SELECT * FROM `" . config_get("db_prefix") . "posts` WHERE `TopicID`='" . db_escape($r['TopicID']) . "' ORDER BY `Time` DESC LIMIT 0, 1;");
	$x = db_fetch_assoc($x);
	if($x['ID'] == $response)
	{
		db_query("DELETE FROM `" . config_get("db_prefix") . "unread` WHERE `TopicID`='" . db_escape($r['TopicID']) . "' AND `NewPostFrom`='" . db_escape($response) . "';");
	}
	
	// Show the response at it's deletion state
	page_redirect("page.topic.php?id=" . urlencode($r['TopicID']) . "#response-" . urlencode($response));
} elseif($topic != 0 && ($r['UserID'] == sess_get("UserID") || user_level(user_name(sess_get("UserID"))) > 0)) {
	// We're good, so actually delete from the database
	db_query("DELETE FROM `" . config_get("db_prefix") . "posts` WHERE `TopicID`='" . db_escape($topic) . "';");
	$y = mysql_affected_rows();
	db_query("DELETE FROM `" . config_get("db_prefix") . "topics` WHERE `ID`='" . db_escape($topic) . "';");
	db_query("DELETE FROM `" . config_get("db_prefix") . "unread` WHERE `TopicID`='" . db_escape($topic) . "';");
	
	// Find out what the last post is for this board
	$z1 = db_query("SELECT * FROM `" . config_get("db_prefix") . "topics` WHERE `Board`='" . db_escape($r['Board']) . "';");
	$cur = array("id" => 0, "time" => 0);
	while($row = db_fetch_assoc($z1))
	{
		$z2 = db_query("SELECT `Time` FROM `" . config_get("db_prefix") . "posts` WHERE `ID`='" . db_escape($row['LastPost']) . "';");
		$z2 = db_fetch_assoc($z2);
		if($z2['Time'] > $cur['time'])
		{
			$cur['id'] = $row['LastPost'];
			$cur['time'] = $z2['Time'];
		}
	}
	
	// Check the sub-forums (if applicable) to see if the ones there are dated later
	$z3 = db_query("SELECT * FROM `" . config_get("db_prefix") . "boards` WHERE `Parent`='" . db_escape($r['Board']) . "';");
	if(db_num_rows($z3) != 0)
	{
		while($row = db_fetch_assoc($z3))
		{
			$z5 = db_query("SELECT `Time` FROM `" . config_get("db_prefix") . "posts` WHERE `ID`='" . db_escape($row['LastPost']) . "';");
			$z5 = db_fetch_assoc($z5);
			if($z5['Time'] > $cur['time'])
			{
				$cur['id'] = $row['LastPost'];
				$cur['time'] = $z5['Time'];
			}
		}
	}
	
	print_r($cur);
	
	// We've got the latest post now
	$cur = $cur['id'];
	
	// Update the last post on boards
	$trail = explode('|', board_trail($r['Board']));
	foreach($trail as $board)
	{
		$count = db_query("SELECT `PostCount`, `TopicCount`, `LastPost` FROM `" . config_get("db_prefix") . "boards` WHERE `ID`='" . db_escape($board) . "';");
		$count = db_fetch_assoc($count);
		
		$postcount = $count['PostCount'];
		$topiccount = $count['TopicCount'];
		
		db_query("UPDATE `" . config_get("db_prefix") . "boards` SET `PostCount`='" . ($postcount - $y) . "', `TopicCount`='" . ($topiccount - 1) . "' WHERE `ID`='" . db_escape($board) . "';");
		
		if($count['LastPost'] == $r['LastPost'])
		{
			db_query("UPDATE `" . config_get("db_prefix") . "boards` SET `LastPost`='" . db_escape($cur) . "' WHERE `ID`='" . db_escape($board) . "';");
		}
	}
	config_set("TopicCount", config_get("TopicCount") - 1);
	config_set("PostCount", config_get("PostCount") - $y);
	
	// Bring them back to the board
	page_redirect("page.board.php?id=" . urlencode($r['Board']));
} else {
	page_redirect("page.boards.php");
}

?>